List of usage examples for javax.security.sasl SaslServer getAuthorizationID
public String getAuthorizationID();
From source file:org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.java
private void evaluateSaslResponse(final HttpServletRequest request, final HttpServletResponse response, final HttpSession session, final String saslResponse, final SaslServer saslServer, SubjectCreator subjectCreator) throws IOException { final String id; byte[] challenge; try {//from ww w. j a v a 2 s. c om challenge = saslServer.evaluateResponse( saslResponse == null ? new byte[0] : Base64.decodeBase64(saslResponse.getBytes())); } catch (SaslException e) { session.removeAttribute(ATTR_ID); session.removeAttribute(ATTR_SASL_SERVER); session.removeAttribute(ATTR_EXPIRY); response.setStatus(HttpServletResponse.SC_FORBIDDEN); return; } if (saslServer.isComplete()) { Subject subject = subjectCreator.createSubjectWithGroups(saslServer.getAuthorizationID()); try { authoriseManagement(request, subject); } catch (AccessControlException ace) { sendError(response, HttpServletResponse.SC_FORBIDDEN); return; } setAuthorisedSubjectInSession(subject, request, session); session.removeAttribute(ATTR_ID); session.removeAttribute(ATTR_SASL_SERVER); session.removeAttribute(ATTR_EXPIRY); response.setStatus(HttpServletResponse.SC_OK); } else { Random rand = getRandom(session); id = String.valueOf(rand.nextLong()); session.setAttribute(ATTR_ID, id); session.setAttribute(ATTR_SASL_SERVER, saslServer); session.setAttribute(ATTR_EXPIRY, System.currentTimeMillis() + SASL_EXCHANGE_EXPIRY); response.setStatus(HttpServletResponse.SC_OK); Map<String, Object> outputObject = new LinkedHashMap<String, Object>(); outputObject.put("id", id); outputObject.put("challenge", new String(Base64.encodeBase64(challenge))); final PrintWriter writer = response.getWriter(); ObjectMapper mapper = new ObjectMapper(); mapper.configure(SerializationConfig.Feature.INDENT_OUTPUT, true); mapper.writeValue(writer, outputObject); } }
From source file:org.wildfly.security.sasl.entity.EntityTest.java
@Test public void testSimpleUnilateralSha1WithRsaAuthentication() throws Exception { final SaslClientFactory clientFactory = obtainSaslClientFactory(EntitySaslClientFactory.class); assertNotNull(clientFactory);//from w w w . j a v a 2 s . c o m final SaslServer saslServer = createSaslServer(SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC, "testserver1.example.com", getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore); assertNotNull(saslServer); assertFalse(saslServer.isComplete()); final String[] mechanisms = new String[] { SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC }; CallbackHandler cbh = createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, null); final SaslClient saslClient = clientFactory.createSaslClient(mechanisms, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh); assertNotNull(saslClient); assertTrue(saslClient instanceof EntitySaslClient); assertFalse(saslClient.hasInitialResponse()); assertFalse(saslClient.isComplete()); byte[] message = saslServer.evaluateResponse(new byte[0]); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslClient.evaluateChallenge(message); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslServer.evaluateResponse(message); assertTrue(saslServer.isComplete()); assertNull(message); assertNull(saslClient.evaluateChallenge(message)); assertTrue(saslClient.isComplete()); assertEquals("cn=test client 1,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us", saslServer.getAuthorizationID()); }
From source file:org.wildfly.security.sasl.entity.EntityTest.java
@Test public void testUnilateralSha1WithRsaAuthenticationWithTrustedAuthorities() throws Exception { final SaslClientFactory clientFactory = obtainSaslClientFactory(EntitySaslClientFactory.class); assertNotNull(clientFactory);/*from ww w. j a va2 s . c o m*/ final SaslServer saslServer = createSaslServer(SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC, "testserver1.example.com", getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore); assertNotNull(saslServer); assertFalse(saslServer.isComplete()); final String[] mechanisms = new String[] { SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC }; CallbackHandler cbh = createClientCallbackHandler(mechanisms, getX509KeyManager(clientKeyStore, KEYSTORE_PASSWORD), null); final SaslClient saslClient = clientFactory.createSaslClient(mechanisms, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh); assertNotNull(saslClient); assertTrue(saslClient instanceof EntitySaslClient); assertFalse(saslClient.hasInitialResponse()); assertFalse(saslClient.isComplete()); byte[] message = saslServer.evaluateResponse(new byte[0]); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslClient.evaluateChallenge(message); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslServer.evaluateResponse(message); assertTrue(saslServer.isComplete()); assertNull(message); assertNull(saslClient.evaluateChallenge(message)); assertTrue(saslClient.isComplete()); assertEquals("cn=signed test client,ou=jboss,o=red hat,st=north carolina,c=us", saslServer.getAuthorizationID()); }
From source file:org.wildfly.security.sasl.entity.EntityTest.java
@Test public void testUnilateralSha1WithRsaAuthenticationWithAuthorizationId() throws Exception { final SaslClientFactory clientFactory = obtainSaslClientFactory(EntitySaslClientFactory.class); assertNotNull(clientFactory);//from w w w . j a v a2 s . co m final SaslServer saslServer = createSaslServer(SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC, "testserver1.example.com", getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore); final String[] mechanisms = new String[] { SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC }; CallbackHandler cbh = createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, null); final SaslClient saslClient = clientFactory.createSaslClient(mechanisms, "cn=test client 1,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us", "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); byte[] message = saslServer.evaluateResponse(new byte[0]); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslClient.evaluateChallenge(message); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslServer.evaluateResponse(message); assertTrue(saslServer.isComplete()); assertNull(message); assertNull(saslClient.evaluateChallenge(message)); assertTrue(saslClient.isComplete()); assertEquals("cn=test client 1,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us", saslServer.getAuthorizationID()); }
From source file:org.wildfly.security.sasl.entity.EntityTest.java
@Test public void testSimpleMutualSha1WithRsaAuthentication() throws Exception { final SaslClientFactory clientFactory = obtainSaslClientFactory(EntitySaslClientFactory.class); assertNotNull(clientFactory);/*from www. ja v a 2 s . c o m*/ final SaslServer saslServer = createSaslServer(SaslMechanismInformation.Names.IEC_ISO_9798_M_RSA_SHA1_ENC, "testserver1.example.com", getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore); final String[] mechanisms = new String[] { SaslMechanismInformation.Names.IEC_ISO_9798_M_RSA_SHA1_ENC }; CallbackHandler cbh = createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, getX509TrustManager(clientTrustStore)); final SaslClient saslClient = clientFactory.createSaslClient(mechanisms, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); byte[] message = saslServer.evaluateResponse(new byte[0]); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslClient.evaluateChallenge(message); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslServer.evaluateResponse(message); assertNotNull(message); message = saslClient.evaluateChallenge(message); assertNull(message); assertTrue(saslClient.isComplete()); assertTrue(saslServer.isComplete()); assertEquals("cn=test client 1,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us", saslServer.getAuthorizationID()); }
From source file:org.wildfly.security.sasl.entity.EntityTest.java
@Test public void testMutualAuthenticationWithDNSInCNField() throws Exception { // Although specifying a DNS name using the Common Name field has been deprecated, it is // still used in practice (e.g., see http://tools.ietf.org/html/rfc2818). This test makes // sure that general name matching during authentication still works in this case. final SaslClientFactory clientFactory = obtainSaslClientFactory(EntitySaslClientFactory.class); assertNotNull(clientFactory);// w ww . ja va2 s .c o m final KeyStore keyStore = loadKeyStore(serverKeyStore); final Certificate[] certificateChain = keyStore.getCertificateChain("dnsInCNServer"); final SaslServer saslServer = createSaslServer(SaslMechanismInformation.Names.IEC_ISO_9798_M_DSA_SHA1, "testserver2.example.com", serverTrustStore, (PrivateKey) keyStore.getKey("dnsInCNServer", KEYSTORE_PASSWORD), Arrays.copyOf(certificateChain, certificateChain.length, X509Certificate[].class)); final String[] mechanisms = new String[] { SaslMechanismInformation.Names.IEC_ISO_9798_M_DSA_SHA1 }; CallbackHandler cbh = createClientCallbackHandler(mechanisms, clientKeyStore, "dnsInCNClient", KEYSTORE_PASSWORD, getX509TrustManager(clientTrustStore)); final SaslClient saslClient = clientFactory.createSaslClient(mechanisms, null, "test", "testserver2.example.com", Collections.<String, Object>emptyMap(), cbh); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); byte[] message = saslServer.evaluateResponse(new byte[0]); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslClient.evaluateChallenge(message); assertFalse(saslServer.isComplete()); assertFalse(saslClient.isComplete()); message = saslServer.evaluateResponse(message); assertNotNull(message); message = saslClient.evaluateChallenge(message); assertNull(message); assertTrue(saslClient.isComplete()); assertTrue(saslServer.isComplete()); assertEquals("cn=testclient2.example.com,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us", saslServer.getAuthorizationID()); }
From source file:org.wso2.andes.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.java
/** * @see org.wso2.andes.server.security.auth.manager.AuthenticationManager#authenticate(SaslServer, byte[]) *//*from ww w. jav a2s. c om*/ public AuthenticationResult authenticate(SaslServer server, byte[] response) { try { // Process response from the client byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]); if (server.isComplete()) { final Subject subject = new Subject(); subject.getPrincipals().add(new UsernamePrincipal(server.getAuthorizationID())); return new AuthenticationResult(subject); } else { return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE); } } catch (SaslException e) { return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e); } }